Page 1 of 1

1.10.8 windows virus?

Posted: Wed Nov 29, 2017 8:35 pm
by offbeatmammal
just tried to update to 1.10.8, and after .7 had uninstalled Windows Defender told me 10.8 contained a virus and trashed it!
is it a false positive, or has badness happened? :evil: :?:

Re: 1.10.8 windows virus?

Posted: Wed Nov 29, 2017 8:52 pm
by Woodstock
99% chance it is a false positive, but it is worth checking. There are sites that will accept a URL to a file download, and submit it to multiple antivirus testers, and give you an overall report of the findings.

https://www.virustotal.com is one such site. You can submit the URL for the download ( http://makemkv.com/download/Setup_MakeMKV_v1.10.8.exe in this case) and it will give a report. No problems were found when I ran the test, just before posting this.

Re: 1.10.8 windows virus?

Posted: Thu Nov 30, 2017 2:25 pm
by RCGNET
Exactly the same thing happened to me - reported as Trojan:Win32/Azden.A!cl, zapped the executable and the shortcuts...

It seems to have been able to remove it OK, bur REALLY bizarrely, when I put the name into the search bar in chrome, I ended up at a CraigsList page ?!?!?? (Different machine otherwise I would've feared something nefarious!)

Re: 1.10.8 windows virus?

Posted: Fri Dec 01, 2017 9:11 pm
by offbeatmammal
grrr! even told Windows Defender to ignore the MakeMKV app but ... it still deleted it over night!

Re: 1.10.8 windows virus?

Posted: Fri Dec 01, 2017 9:37 pm
by d00zah
VirusTotal (et al) think it's clean:

https://www.virustotal.com/#/url/fdface ... /detection

Also passed local Avast & MalwareBytes scans, FWIW.

You might want to report a 'false positive' to your AV provider.

Re: 1.10.8 windows virus?

Posted: Wed Dec 06, 2017 7:42 pm
by Starhawk
I downgraded to 1.10.7 because of this and haven't had any issues.

Re: 1.10.8 windows virus?

Posted: Wed Dec 06, 2017 7:47 pm
by Starhawk
Woodstock wrote:99% chance it is a false positive, but it is worth checking. There are sites that will accept a URL to a file download, and submit it to multiple antivirus testers, and give you an overall report of the findings.

https://www.virustotal.com is one such site. You can submit the URL for the download ( http://makemkv.com/download/Setup_MakeMKV_v1.10.8.exe in this case) and it will give a report. No problems were found when I ran the test, just before posting this.
If I scan the file via the link, it reports as fine.

If I download the file and then upload it to VirusTotal, it sees:

Code: Select all

eGambit      Unsafe.AI_Score_89%

Re: 1.10.8 windows virus?

Posted: Wed Dec 06, 2017 10:52 pm
by Woodstock
Did you verify the hash check for the file matches the hash file on the download page?

It should also match the hash generated by virustotal - I just verified that virustotal gave the same SHA256 hash as is published on the MakeMKV download page.

Interestingly, "eGambit" isn't even listed in the results page if you use the "check a URL" option.

Re: 1.10.8 windows virus?

Posted: Tue Jan 09, 2018 8:57 pm
by WAYFLIX
I’m getting the same thing now with 1.10.9. Downgrading to 1.10.8 solved this. Windows defender reports a Trojan virus.